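#!/usr/bin/perl -w
##
## fwtool.pl
##
## Made by tab
## Login
##
## Started on  Sun Dec  2 19:11:06 2001 tab
## Last update Sun 03 Feb 2002 21:17:55 CET Nicolas STRANSKY
##
## Loads iptables rules from two site data files:
##   fwtool.pl mac        one MAC/IP ACCEPT rule per line of $paireipmac
##   fwtool.pl blacklist  LIST/BLACKLIST rules per entry of $blacklist
##
## Every field read from those files becomes an argument of /sbin/iptables,
## so each field is checked before use and the command is run without a
## shell.
##

use strict;

my $paireipmac = "/CRANS/generated/ether/pairesMAC-IP.txt";
my $blacklist  = "/CRANS/confs/blacklist.cf";

# Run /sbin/iptables with the rule given as one whitespace-separated string.
#
# The string is split into an argument list and executed with list-form
# system(), so no shell ever parses it: metacharacters or stray newlines
# coming from a data file cannot start another command or cut the rule in
# two.  A failing rule is reported on STDERR and the caller carries on with
# the remaining rules.
#
# Returns the raw status from system().
sub iptables {
    my ($string) = @_;
    my @args = split " ", $string;

    my $status = system("/sbin/iptables", @args);
    if ($status == -1) {
        warn "fwtool: cannot run /sbin/iptables: $!\n";
    }
    elsif ($status != 0) {
        warn "fwtool: iptables @args failed (exit " . ($status >> 8) . ")\n";
    }
    return $status;
}

# Append one ACCEPT rule per MAC/IP pair to the chain S<n>, where <n> is the
# third octet of the IP address.
#
# Each line of $paireipmac is read as "<mac> <ip> ..." (whitespace
# separated; only the first two fields are used).  Lines whose MAC is not
# six colon-separated hex bytes, or whose IP is not a dotted quad, are
# skipped with a warning instead of being handed to iptables.
sub mac {
    my $fh;
    if (!open($fh, "<", $paireipmac)) {
        # Reported rather than fatal: the original also returned normally
        # when the file was missing, and callers may rely on the exit code.
        warn "fwtool: cannot open $paireipmac: $!\n";
        return;
    }

    while (my $line = <$fh>) {
        my ($mac, $ip) = (split " ", $line)[0, 1];
        next unless defined $mac;    # blank line

        if (!defined $ip
            || $mac !~ /\A[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}\z/
            || $ip !~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/)
        {
            warn "fwtool: $paireipmac line $.: malformed entry skipped\n";
            next;
        }

        my $ipclass = (split /\./, $ip)[2];
        iptables("-A S".$ipclass." -s ".$ip." -m mac --mac-source ".$mac." -j ACCEPT");
    }

    close($fh);
    return;
}

# Install the blacklist rules described in $blacklist.
#
# As parsed here, an entry is "<source>[:<port>[,<port>...]]"; everything
# from the first "#" to the end of the line is ignored.  For each entry the
# source is sent from chain LIST to chain BLACKLIST, and one tcp ACCEPT rule
# per listed port is appended to BLACKLIST.
#
# The line is chomped and every field is trimmed: without that the trailing
# newline stayed glued to the last field and ended up in the middle of the
# rule text.
sub blacklist {
    my $fh;
    if (!open($fh, "<", $blacklist)) {
        warn "fwtool: cannot open $blacklist: $!\n";
        return;
    }

    while (my $line = <$fh>) {
        chomp $line;
        my ($fd1) = (split "#", $line)[0];
        next unless defined $fd1 && $fd1 =~ /\S/;    # blank or comment only

        my ($ip, $port) = (split ":", $fd1);
        $ip = "" unless defined $ip;
        $ip =~ s/\A\s+//;
        $ip =~ s/\s+\z//;

        # Address, network or host name; must not start with "-" (it would
        # be read as an option) and must not contain whitespace (it would
        # add arguments to the rule).
        if ($ip !~ /\A[0-9A-Za-z][0-9A-Za-z.\/_-]*\z/) {
            warn "fwtool: $blacklist line $.: malformed source skipped\n";
            next;
        }

        my @tab = defined $port ? split(",", $port) : ();

        # The source rule goes in before the ports are looked at, as in the
        # original, so a bad port costs only that one ACCEPT rule.
        iptables("-A LIST -s ".$ip." -j BLACKLIST");

        foreach my $i (@tab) {
            $i =~ s/\A\s+//;
            $i =~ s/\s+\z//;
            if ($i !~ /\A[0-9A-Za-z][0-9A-Za-z_-]*\z/) {
                warn "fwtool: $blacklist line $.: malformed port skipped\n";
                next;
            }
            iptables("-A BLACKLIST -p tcp -s ".$ip." --dport ".$i." -j ACCEPT");
        }
    }

    close($fh);
    return;
}

if (@ARGV != 1) {
    warn "usage: fwtool.pl blacklist|mac\n";
    exit(1);
}

if ($ARGV[0] eq 'blacklist') {
    blacklist();
}
elsif ($ARGV[0] eq 'mac') {
    mac();
}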